What is Azure Arc-enabled servers?
By using Azure Arc-enabled servers you can manage Windows and Linux on-premises servers (virtual machines or physical servers) and virtual machines hosted by other cloud providers directly in Azure.
In the context of Azure Arc these machines are called hybrid machines. By design, hybrid machines are managed in Azure Arc the same way you are used to managing native Azure virtual machines.
When a hybrid machine is connected to Azure, it becomes a connected machine and is treated as a resource in Azure. Each connected machine has a Resource ID enabling the machine to be included in a resource group.
To connect hybrid machines to Azure, you install the Azure Connected Machine agent on each machine.
Source: https://learn.microsoft.com/en-us/azure/azure-arc/servers/overview
Connect hybrid machines with Azure Arc-enabled servers
To use Azure Arc-enabled servers, the following Azure resource providers must be registered in your subscription:
- Microsoft.HybridCompute
- Microsoft.GuestConfiguration
- Microsoft.HybridConnectivity
- Microsoft.AzureArcData (if you plan to Arc-enable SQL Servers)
All prerequisites are listed in the Microsoft article https://learn.microsoft.com/en-us/azure/azure-arc/servers/learn/quick-enable-hybrid-vm#prerequisites.
To see all resource providers, and the registration status for your subscription:
On the Azure portal menu, search for Subscriptions. Select it from the available options, then select your subscription and, under Settings, select Resource providers.
Find the resource provider you want to register, and select Register. To maintain least privileges in your subscription, only register those resource providers that you’re ready to use. Registering a provider requires the /register/action permission on the subscription, which the Owner and Contributor roles include.
An Azure resource provider is a set of REST operations that enable functionality for a specific Azure service. For example, the Key Vault service consists of a resource provider named Microsoft.KeyVault. The resource provider defines REST operations for managing vaults, secrets, keys, and certificates.
The resource provider defines the Azure resources you can deploy to your account. A resource type’s name follows the format: {resource-provider}/{resource-type}. The resource type for a key vault is Microsoft.KeyVault/vaults.
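The same registration can be done without the portal. The following is an added example (not part of the original post or of Microsoft's quickstart) that registers only the providers Azure Arc-enabled servers needs and waits until each one reports Registered; it requires the Az.Resources module, and the subscription ID is a placeholder.

```powershell
# Added example: register the Azure Arc-enabled servers resource providers with Az PowerShell.
# Requires Az.Resources. The subscription ID below is a placeholder.
Connect-AzAccount | Out-Null
Set-AzContext -SubscriptionId "00000000-0000-0000-0000-000000000000" | Out-Null

$providers = @(
    'Microsoft.HybridCompute',
    'Microsoft.GuestConfiguration',
    'Microsoft.HybridConnectivity'
    # 'Microsoft.AzureArcData'   # add only if you plan to Arc-enable SQL Servers
)

# Get-AzResourceProvider -ProviderNamespace returns one entry per resource type,
# all sharing the namespace's RegistrationState, so the first entry is enough.
function Get-ProviderState([string]$Namespace) {
    (Get-AzResourceProvider -ProviderNamespace $Namespace).RegistrationState | Select-Object -First 1
}

foreach ($ns in $providers) {
    $state = Get-ProviderState $ns
    if ($state -eq 'Registered') {
        Write-Host "$ns is already registered"
        continue
    }
    # Least privilege: only the namespaces in $providers are ever registered here.
    Write-Host "Registering $ns (current state: $state)"
    Register-AzResourceProvider -ProviderNamespace $ns | Out-Null
}

# Registration is asynchronous; poll each namespace until it is Registered (bounded wait).
foreach ($ns in $providers) {
    $attempts = 0
    do {
        $state = Get-ProviderState $ns
        if ($state -ne 'Registered') { Start-Sleep -Seconds 10 }
        $attempts++
    } while ($state -ne 'Registered' -and $attempts -lt 30)

    if ($state -ne 'Registered') { throw "$ns did not reach Registered within the wait window (state: $state)" }
    Write-Host "$ns : $state"
}
```

Run this once per subscription before generating the onboarding script; if a namespace stays in Registering for longer than a few minutes, check that the account holds the /register/action permission on the subscription.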
Generate installation script
Use the Azure portal to create a script that automates the agent download and installation and establishes the connection with Azure Arc.
We can onboard Windows Server 2022 and later directly to Azure Arc by using a graphical wizard installed as a feature by default. More about this you will find in my following post https://blog.matrixpost.net/how-to-connect-windows-server-machines-to-azure-by-using-azure-arc/
Create a resource -> Servers – Azure Arc
Select the Add a single server tile, then select Generate script.
You can also enable Automanage for Azure Arc-enabled servers.
More about Automanage you will find in my following post.
On the Tags page, review the default Physical location tags suggested and enter a value, or specify one or more Custom tags to support your standards. Then select Next.
In the Download or copy the following script section, review the script. If you want to make any changes, use the Previous button to go back and update your selections. Otherwise, select Download to save the script file.
Install the agent using the script
Now that you’ve generated the script, the next step is to run it on the server that you want to onboard to Azure Arc. The script will download the Connected Machine agent from the Microsoft Download Center, install the agent on the server, create the Azure Arc-enabled server resource, and associate it with the agent.
Open an elevated 64-bit PowerShell command prompt on the computer you want to connect to Azure Arc and execute the downloaded script.
Below I will run the script on one of my physical Hyper-V servers (Dell PowerEdge R740) in our data center in Frankfurt.
The portal-generated script for a single server does not contain any credentials; it uses an interactive device code login, so during the agent installation we also need to authenticate to Azure.
Finally my Hyper-V server is connected to Azure.
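For readers who want to see what the generated script does under the hood, the following is an added example and not the portal-generated script itself: it reproduces the same three steps (download the agent from the Microsoft Download Center, install it, run azcmagent connect) and inserts the check a practitioner should want before executing a freshly downloaded MSI as an administrator, namely that the package carries a valid Authenticode signature from Microsoft. The subscription, resource group, tenant, region and tag values are placeholders.

```powershell
# Added example: manual Azure Arc onboarding of a Windows machine, equivalent to the
# portal-generated script but with an Authenticode check on the downloaded MSI.
# Run from an elevated 64-bit PowerShell. All IDs/names below are placeholders.
#Requires -RunAsAdministrator

$SubscriptionId = "00000000-0000-0000-0000-000000000000"        # placeholder
$ResourceGroup  = "rg-arc-servers"                               # placeholder
$TenantId       = "00000000-0000-0000-0000-000000000000"        # placeholder
$Location       = "germanywestcentral"                           # placeholder
$Tags           = "Datacenter=Frankfurt,CountryOrRegion=Germany" # assumed tag set

# Microsoft publishes the Windows agent MSI under this short link.
$MsiUrl  = "https://aka.ms/AzureConnectedMachineAgent"
$MsiPath = Join-Path $env:TEMP "AzureConnectedMachineAgent.msi"

# Windows PowerShell 5.1 may not offer TLS 1.2 by default; force it before downloading.
[Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor [Net.SecurityProtocolType]::Tls12
Invoke-WebRequest -UseBasicParsing -Uri $MsiUrl -OutFile $MsiPath

# Check before installing: the MSI must have a valid Microsoft Authenticode signature.
# This catches a tampered download or a proxy that rewrote the file.
$sig = Get-AuthenticodeSignature -FilePath $MsiPath
if ($sig.Status -ne 'Valid' -or $sig.SignerCertificate.Subject -notmatch 'Microsoft Corporation') {
    throw "Refusing to install: signature status '$($sig.Status)', signer '$($sig.SignerCertificate.Subject)'"
}

# Silent install with a verbose log for troubleshooting.
$install = Start-Process -FilePath msiexec.exe `
    -ArgumentList "/i `"$MsiPath`" /l*v `"$env:TEMP\azcmagent-install.log`" /qn" `
    -Wait -PassThru
if ($install.ExitCode -ne 0) { throw "msiexec failed with exit code $($install.ExitCode)" }

$azcmagent = Join-Path $env:ProgramFiles "AzureConnectedMachineAgent\azcmagent.exe"

# Connect the machine. Without service principal parameters azcmagent starts an
# interactive device code login; this is the authentication prompt seen when running
# the portal-generated script.
& $azcmagent connect `
    --resource-group $ResourceGroup `
    --tenant-id $TenantId `
    --location $Location `
    --subscription-id $SubscriptionId `
    --cloud "AzureCloud" `
    --tags $Tags
if ($LASTEXITCODE -ne 0) { throw "azcmagent connect failed with exit code $LASTEXITCODE" }

# Local confirmation: prints the agent status and the Azure resource ID the machine received.
& $azcmagent show
```

For unattended onboarding at scale, replace the interactive login with `--service-principal-id` and `--service-principal-secret`, using a service principal that holds only the built-in Azure Connected Machine Onboarding role on the target resource group, and keep that secret out of the script file itself.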
Verify the connection with Azure Arc
After you install the agent and configure it to connect to Azure Arc-enabled servers, go to the Azure portal to verify that the server has successfully connected. View your machine in the Azure portal.
Here I can see my connected Hyper-V server.
You can repeat these steps as needed to onboard additional machines. Microsoft also provides a variety of other options for deploying the agent, including several methods designed to onboard machines at scale. For more information, see Azure Connected Machine agent deployment options.
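The portal check above can also be scripted, which matters once several machines are onboarded and an agent that silently drops to Disconnected would otherwise go unnoticed. The following is an added example (not part of the original post) that reads the connected machine resource with Az.ConnectedMachine and then lists every Arc-enabled server in the subscription that is not Connected via Azure Resource Graph; the resource group and machine name are placeholders.

```powershell
# Added example: verify Azure Arc onboarding from the Azure side.
# Requires Az.ConnectedMachine and Az.ResourceGraph and an existing Connect-AzAccount session.
# Resource group and machine name are placeholders.
$ResourceGroup = "rg-arc-servers"
$MachineName   = "hv-frankfurt-01"   # hostname of the onboarded Hyper-V server (placeholder)

# Single machine: the Microsoft.HybridCompute/machines resource created by azcmagent connect.
$m = Get-AzConnectedMachine -ResourceGroupName $ResourceGroup -Name $MachineName
[pscustomobject]@{
    Name         = $m.Name
    ResourceId   = $m.Id              # the Resource ID that makes the machine part of a resource group
    Status       = $m.Status          # expected: Connected
    AgentVersion = $m.AgentVersion
    OS           = $m.OSName
    LastSeen     = $m.LastStatusChange
} | Format-List

if ($m.Status -ne 'Connected') {
    Write-Warning "$MachineName reports '$($m.Status)'; run 'azcmagent check' and 'azcmagent logs' on the host."
}

# Fleet view: every Arc-enabled server in the current subscription whose agent is not Connected.
$query = @"
resources
| where type =~ 'microsoft.hybridcompute/machines'
| extend status = tostring(properties.status), agent = tostring(properties.agentVersion)
| where status != 'Connected'
| project name, resourceGroup, location, status, agent, lastSeen = properties.lastStatusChange
"@
Search-AzGraph -Query $query | Format-Table -AutoSize
```

Scheduling the Resource Graph query (or turning it into an Azure Monitor alert on the same table) gives a simple control that an onboarded server has not stopped reporting, which is the case where policy evaluation and extension management for that machine silently stop working.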
Source: https://learn.microsoft.com/en-us/azure/azure-arc/servers/learn/quick-enable-hybrid-vm
Now that we have enabled our Linux or Windows hybrid machine and successfully connected it to the service, we can onboard these on-premises machines, or virtual machines hosted by other cloud providers, to Azure Automanage and Azure Policy.
It’s important to recognize that with the introduction of Azure Arc, you can extend your policy-based governance across different cloud providers and even to your local datacenters.
Source: https://learn.microsoft.com/en-us/azure/governance/policy/overview
More about Azure Automanage and Azure Policy you will find in my following post.
Links
Azure Arc-enabled servers
https://learn.microsoft.com/en-us/azure/azure-arc/servers/
What is Azure Policy?
https://learn.microsoft.com/en-us/azure/governance/policy/overview